
Re: ESP New Draft



In message <199705170326.UAA26094@mailsun2.us.oracle.com>, "PALAMBER.US.ORACLE.COM" writes:
> 
>As working group chair, I see no clear consensus to forbid the use of ESP with
>a null encryption algorithm (a.k.a. auth-only-ESP).  There have been many
>strong statements made to the mailing list recommending that ESP always
>encrypt.  I've also talked to implementors developing auth-only-ESP as a
>"value added" option.  ESP has the flexibility to support any algorithm.
>Clear guidelines need to be provided that define the usage of these algorithms
>including the use of a null encryption algorithm.

Paul, we had a straw poll on this list, and we had a large number of
implementors decide in the Memphis meeting. Both were against
auth-only-ESP. How in heaven can you say that there is no clear
consensus? There are 3 (count, three) people who spoke for
auth-only-ESP on this mailing list.

I was under the impression the WG chair is NOT supposed to make
decisions when there *IS* a rough consensus (and this is not even
rough).

Finally, even if people do go ahead and hack their code to do
encryptionless ESP, this doesn't mean we should ratify their decision
by allowing it in the docs if we believe it's wrong. And all the
discussion I've seen on this WG (list, meeting) indicates that the
majority thinks it's wrong.

Cheers,
-Angelos

PS. You say you've talked to implementors who added this as a
"value added" option. Why don't they talk for themselves on this list?
I don't doubt your saying so, but I'm curious why they don't express
their opinion on the list if they like encryptionless ESP so much.
The only implementor I've seen so far was Charlie (from BBN).

